#!/anaconda3/envs/Script/bin python3.8
# -*- coding: utf-8 -*-
# ---
# @Software: PyCharm
# @File: xss_protection.py
# @Author: AllenFu
# @Institution: NCHU, China
# @E-mail: nchufujianjian@126.com
# @Site: 预防XSS攻击
# @Time: 11月 25, 2020
# ---
import re

from flask import request, make_response, jsonify

from app import app


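@app.before_request
def XSSProtection():
    """Reject requests whose query-string values contain an HTML-like tag.

    Registered as a Flask ``before_request`` hook, so it runs ahead of every
    view. Each query-string value is matched against ``<[^>]+>``; on the first
    match the request is answered with a JSON error payload instead of being
    dispatched.

    Scope and limits:
        * Only ``request.args`` (the query string) is inspected. Form fields,
          JSON bodies, headers, cookies and path parameters are not examined
          here.
        * The pattern only recognises a complete ``<...>`` sequence. It is an
          input filter, not a replacement for context-aware output encoding
          (template auto-escaping) and a Content-Security-Policy.

    Returns:
        A JSON error response when a tag is found; ``None`` otherwise, which
        lets Flask continue with normal request handling.
    """
    tag_pattern = re.compile(r'<[^>]+>', re.S)
    # multi=True is required: MultiDict.items() yields only the first value of
    # a repeated key by default, so later values of the same parameter would
    # never be checked.
    for _key, value in request.args.items(multi=True):
        if tag_pattern.search(value) is not None:
            err_data = {'error_code': 400, 'error': True, 'msg': '请不要使用HTML标签'}
            # NOTE(review): make_response() is called without a status, so the
            # HTTP status stays at Flask's default while the body reports
            # error_code 400. Kept as-is for existing clients; confirm whether
            # the HTTP status should be 400 as well.
            return make_response(jsonify(err_data))
    return None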


